
Hi,

For a weeks now I've noticed every time I click a link provided in search engine results (Google, Yahoo etc.) I am redirected to an advertising site, often prompting me to download virus protection software. I cannot access the sites I want to without being redirected. My internet also appears slower than normal.

From doing a scan from Hitman Pro 3.5.7 I have narrowed the problem down to malware in two files:

explorer.exe
wininit.exe

I did some searching, and I've come to the conclusion I cannot delete these files. Yes, I'm a bit of a luddite when it comes to this sort of stuff.

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.

Liiammm

Sorry for the delay.
If you still need help and are not receiving it elsewhere, please proceed as follows:

===============================================================================

Based on your description, it is likely you have an extremely dangerous infection on the machine. It is called Bamital.D

It is dangerous on two fronts.

First: Warning - Compromised Data

Because the infection has had remote control access to all your Internet activities, you should assume that any data on it may have been stolen.
Take whatever precautions you think sensible about any financial (credit cards, banking, etc.), or other critical information that has been passed through or stored on the machine.
I would suggest changing all account names/numbers, and passwords for ANY accounts that have been used with the machine.
That includes not only banking, credit cards, and financial, but also website and e-mail accounts as well. Use a clean PC (not this one) to make the changes.

Second:

Bamital.D is an infection, peddled by criminals, with an attitude that they will own your computer or they will trash it.
In the process, they have created an infection that is very risky to fix.
They have corrupted two critical Windows files, without which Windows will not boot.
The likelihood of a total PC failure during the "FIX" is very real.

You most likely contracted it through the use of P2P programs like BitTorrent DNA, to get free downloads.

Now, what to do

Before we attack the infection, you should be absolutely clear about the following:

If the attempt to fix your machine fails, it will likely fail to boot.

You need to make backups of every important data file, document, etc. on the machine that is important to you. Save to CDs, DVDs, flash drives, or external hard drive.

Get your Sony VAIO User Guide and be SURE you know how to do a complete System Recovery. If fixing this infection fails, this is what you will need to do. This is usually done by hitting a certain Function key as the machine starts. This is the "drastic" recovery method that puts your machine's C: drive back to the exact state it was in when you purchased it. Any choice to do a "Repair Install" which leaves the programs intact, will fail. A full System Recovery would mean re-installing all programs over again, this time not using P2P programs to download anything. After Recovery, the system would need to be updated immediately by connecting to Microsoft and getting all the Updates.

Locate any System Disks you have from when you bought the machine.

You cannot continue with a machine controlled by criminals. They can send out spam, e-mails, and infections using your machine as the perpetrator.

So, please do your major homework assignment, and tell me your status, and when you are ready to proceed.
Do not run any scans or cleaning until you reply.

askey127

I will leave this thread open.
If it perchance gets closed in the meantime, send me a PM when you are ready, and I will re-open it.
I will guide you through the steps to clear the infection when you return.
It would be best if you do not do any more Internet connections than absolutely necessary with this machine in the meantime.
System Restore has not been very successful at removing the infection, but we can look at it as one of the possibilities.

I don't see BitTorrent DNA in the programs list, but it's running. What's with that? Did you remove it from the list?

------------------------------------------------
Remove Programs Using Control Panel

From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Ask Toolbar
Hitman Pro 3.5
Java(TM) 6 Update 12
Java(TM) 6 Update 6
McAfee Security Scan

This one has been a known purveyor of spyware. It claims to have cleaned up its act, but I would suggest removing it also.

Messenger Plus! Live

Take extra care in answering questions posed by any Uninstaller.

-----------------------------------------------------------
REBOOT (RESTART) Your Machine

---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

---------------------------------------------
Run CKScanner

Download CKScanner from HERE
Important - Save it to your desktop.
Right-Click CKScanner.exe, choose Run as administrator and click Search For Files.
After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop, give permission if asked, and copy/paste the contents in your next reply.

So we are looking for info about BitTorrent DNA, results from SystemLook.txt and the log from CKScanner.txt

askey127

Liiammm

-----------------------------------------------
Download Antivir Free

This program is free for personal, non-business use.
Download the AntiVir Free Installer from here: http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
Save the Installer to your desktop, but DO NOT RUN IT YET.

-----------------------------------------------------------
Download and Run ComboFix

IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system.

Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it. **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**

Now start ComboFix (zzz.exe). Right click and choose "Run as administrator".

OK any disclaimers and start the Scan.

Do not touch the computer AT ALL while ComboFix is running.

When finished, the report will open. Assembling the report can take a while. Let it run. When the log report opens, post the contents in your next reply.

A copy of the log will be located here if you need it -> C:\ComboFix.txt

If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

Infected copy of c:\windows\System32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-11-02 to 2010-12-02 )))))))))))))))))))))))))))))))
.

Paste the contents of the clipboard into the Notepad window by pressing Ctrl+V or Edit, Paste.

Save it to your desktop as CFScript.txt

Now drag and drop the CFScript.txt icon onto combofix.exe (zzz.exe) as in the picture above, and follow the prompts.

Then post the resultant log, C:\ComboFix.txt, in your next reply.

----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)

Download Temp File Cleaner and save it to your desktop.
Double click to run it. (Right click and choose Run as Administrator in Vista or Win7)
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, if it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running. After Restart, log back in to your usual account.

-----------------------------------------------
Install Antivir

Double Click the Avira Antivir Installer on your desktop (Right click and choose "Run as administrator" in Vista/Win7), and Install the program.

-----------------------------------------------
Update and Scan with Antivir

Right click the red umbrella icon and choose Start Antivir.
When the window comes up click Start Update.
When the update is complete, click on Scan System Now.
This full scan could take an hour or more. Have it fix anything it finds.

-----------------------------------------------
Get Last Avira Report

Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There will be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.

askey127

Looks pretty good to me.
Tell me how it's running.

-----------------------------------------------------------
Post a New HiJackThis Log

Start HijackThis (double-click in XP, or right-click and "Run as administrator" in Vista/Win7)
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl+A), copy (Ctrl+C) and paste (Ctrl+V) the log contents into a reply.

-----------------------------------------------------------
Retrieve the List of Installed programs Using HJT

Open HijackThis, click Open The Misc Tools Section. Then scroll down the list if you need to, click Open Uninstall Manager and Save List...
The List of installed programs will automatically be saved as uninstall_list.txt in your HiJackThis folder. In addition, the list opens in Notepad so you can also save as another name in another location if you wish. Please paste the contents into your next reply.
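Added example, not part of the original thread or of any participant's post: the ComboFix log earlier in the thread shows explorer.exe and wininit.exe being restored from the WinSxS component store, and the PowerShell below re-checks those two files afterwards by comparing each live file's SHA-256 with every same-named copy under WinSxS. The function name Test-AgainstComponentStore is hypothetical, and the code assumes PowerShell 4.0 or later (for Get-FileHash) in an elevated session.

```powershell
# Added example: the two system files named in the ComboFix log above.
$targets = @(
    "$env:windir\explorer.exe",
    "$env:windir\System32\wininit.exe"
)

# Hypothetical helper: hash the live file and look for an identical copy
# among all versions of that file kept in the WinSxS component store.
function Test-AgainstComponentStore {
    param([Parameter(Mandatory)][string]$Path)

    $name = Split-Path -Leaf $Path
    $live = Get-FileHash -LiteralPath $Path -Algorithm SHA256

    # WinSxS keeps one directory per component version, so several copies
    # with the same file name are normal.
    $storeCopies = Get-ChildItem -Path "$env:windir\winsxs" -Recurse `
        -Filter $name -File -ErrorAction SilentlyContinue

    $matches = @(
        foreach ($copy in $storeCopies) {
            $h = Get-FileHash -LiteralPath $copy.FullName -Algorithm SHA256
            if ($h.Hash -eq $live.Hash) { $copy.FullName }
        }
    )

    [pscustomobject]@{
        File          = $Path
        FileVersion   = (Get-Item -LiteralPath $Path).VersionInfo.FileVersion
        SHA256        = $live.Hash
        StoreCopies   = @($storeCopies).Count
        MatchesStore  = ($matches.Count -gt 0)
        MatchingPaths = $matches
    }
}

$targets | ForEach-Object { Test-AgainstComponentStore -Path $_ } | Format-List
```

A file reporting MatchesStore = False differs from every copy in the component store and deserves a closer look; a match shows consistency with the store, not that the store copy itself is clean.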
